Unsafe product URLs - alias not filtered properly before save

Started by Genius WebDesign, December 10, 2014, 21:11:05 PM


Genius WebDesign

Hi,

I found out that Virtuemart (v.2.6.10) does not filter strings correctly before saving alias to database.

Scenario:

1. My client creates a new product.
    Product name (Danish): Heldyppet orange vandtæt vinterhandske i naturgummi på acryl/bomuld. WG-338
2. My client saves the product.
3. After save the Product-Alias is: heldyppet-orange-vandtæt-vinterhandske-i-naturgummi-på-acryl-bomuld.-wg-338

This is not a safe alias. It should be saved as: heldyppet-orange-vandtaet-vinterhandske-i-naturgummi-paa-acryl-bomuld-wg-338

Now, here is my question:

Does Virtuemart not use the built-in Joomla alias function for the alias field?
JFilterOutput::stringURLSafe($string);

Also, please tell me where I can fix this (which file do I need to edit), or which function do I need to tap into to make a plugin to override the alias-filtering?


Genius WebDesign

Apparently another person had the same issue as me, also with VM 2.6
http://forum.virtuemart.net/index.php?topic=124320.0

Looks like you need to modify:
/administrator/components/com_virtuemart/helpers/vmtable.php

To the devs, please be aware of this issue for future updates..

Milbo

There is an option in Joomla, unicode slugs. Enable unicode slugs and transliteration is happening.
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

Genius WebDesign

Thanks for the reply Milbo,

Joomla slug settings are ok.
The problem was found in
/administrator/components/com_virtuemart/helpers/vmtable.php

For some reason in version 2.6 the alias/slug was being filtered with custom str_replace instead of using Joomla's JFilterOutput::stringURLSafe function.
I have now edited the vmtable.php file and all works as needed.

Milbo

That is also that way in vm3


$this->$slugName = str_replace('-', ' ', $this->$slugName);

//$config =& JFactory::getConfig();
//$transliterate = $config->get('unicodeslugs');
$unicodeslugs = VmConfig::get('transliterateSlugs',false);
if($unicodeslugs){
    $lang = JFactory::getLanguage();
    $this->$slugName = $lang->transliterate($this->$slugName);
}

// Trim white spaces at beginning and end of alias and make lowercase
$this->$slugName = trim(JString::strtolower($this->$slugName));
$this->$slugName = str_replace(array('`','´',"'"),'',$this->$slugName);

$this->$slugName = vRequest::filterUword($this->$slugName,'-,_,|','-');
while(strpos($this->$slugName,'--')){
    $this->$slugName = str_replace('--','-',$this->$slugName);
}
// Trim dashes at beginning and end of alias
$this->$slugName = trim($this->$slugName, '-');

if($unicodeslugs)$this->$slugName = rawurlencode($this->$slugName);

$valid = $this->checkCreateUnique($checkTable, $slugName);


The reason is that this here "heldyppet-orange-vandtæt-vinterhandske-i-naturgummi-på-acryl-bomuld" IS valid for URLs. But some years ago it was not valid.

Genius WebDesign

"æ" "ø" and "å" are still causing problems / unwanted behavior in some browsers and it does in some cases produce 404 errors on site.
To be on the safe side you must always filter URL-strings so that it only consists of characters between a-z and no special characters.

The standard Joomla slug function JFilterOutput::stringURLSafe  works perfectly, so I wonder why you have chosen not to use this in vmtable.php?

Milbo

No, it is a matter of taste. Check back,.... there was a time I had both parties in one thread and we all agreed to use the way we have now. I mean, what more than an option?

Genius WebDesign

We clearly disagree.
My main point is, why try to fix something that is already working perfectly?

The function that Joomla uses by default for making slugs is working like a charm. I can see absolutely no reason to not use this.

In my particular case I did indeed experience problems with the slug-method used by VM 2.6, so I had to modify vmtable.php to use the Joomla function: JFilterOutput::stringURLSafe
And now everything works without problems..

Milbo

Because you do not accept that other people have another opinion about it. There are people who want not latin URLs. Period. Live with it. Just use the other option and you have the behaviour of joomla.

If you cannot disagree with it, you are tyrannic, not letting others do what they want.

And just a little tip how it works in the world of conventions. If there is a new convention like "non latin characters are allowed for URLs", then it takes a bit time until it works anywhere, but the more people use it the faster.

jenkinhill

I remembered that there was a news item about this on TV some years ago - so I just had to try to find it! It was back in 2010 when the first non-latin urls went live. http://www.bbc.co.uk/news/10100108
Kelvyn
Lowestoft, Suffolk, UK

Retired from forum life November 2023

Please mention your VirtueMart, Joomla and PHP versions when asking a question in this forum

Genius WebDesign

Hi again,

Thanks for the replies.

Now, in my case, as I explained, we are dealing with Danish characters, and I'm from Denmark, so I know a little thing or two about potential problems related to unicode filtering in regards to URLs.
When it comes to SEO the reality is that in the current state of the WWW unicode characters like "æ" "ø" and "å" are best to be avoided in domain names and URLs.
The reason is that not all browsers handle unicode characters the same way.

So, the safest way will always be to filter URLs strictly and follow a-z name conventions.

That being said, if you still want to use unicode characters in URLs on your Joomla site, there is already a global function you can use to filter URLs, which you obviously do not use in VM 2.6+
This is my primary concern, as I also explained earlier.

The Joomla "slug" filter function I'm referring to is this:
stringURLSafe($string)

Please read the reference here:
https://docs.joomla.org/API16:JApplication/stringURLSafe

This function automatically adheres to the global configuration setting "unicodeslugs".
By default the global setting for "unicodeslugs" is set to "off", but if you set it to "on" the function will filter the slug according to this function:
JFilterOutput::stringURLUnicodeSlug($string);

If the setting is set to "off" it will filter using function:
JFilterOutput::stringURLSafe($string);

Please explain to me, why have you decided not to use the built-in Joomla filter function?
Is it not smarter to use a core Joomla function when there is such a function that fits the application perfectly?
stringURLSafe($string)

Also, if you insist on using your own slugify script, why have you not included a VM admin option for choosing whether or not to use Unicode slug?


NB..
If you have added an admin option in VM to set the VM slug to Unicode or non-Unicode, then I must have missed it.
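
The on/off slug switch described in the post above, sketched as standalone PHP (an added example, not part of the original thread and not Joomla or VirtueMart code). The function names and the æ/ø/å mapping are assumptions chosen to reproduce the alias the first post expects; the last function is a check for auditing aliases already stored.

```php
<?php
// Added illustration; not VirtueMart or Joomla source code.

// Assumed Danish mapping, taken from the alias expected in the first post.
const DANISH_MAP = ['æ' => 'ae', 'ø' => 'oe', 'å' => 'aa'];

// Hypothetical helper: build an alias in either of the two modes discussed.
function make_alias(string $title, bool $unicodeSlugs = false): string
{
    $alias = mb_strtolower(trim($title), 'UTF-8');
    // Drop quote-like characters instead of turning them into dashes.
    $alias = str_replace(['`', '´', "'"], '', $alias);

    if ($unicodeSlugs) {
        // Keep letters and digits of any script; any other run becomes one dash.
        $alias = preg_replace('/[^\p{L}\p{N}]+/u', '-', $alias);
    } else {
        // Transliterate first, then allow only a-z and 0-9.
        // Letters outside DANISH_MAP are replaced by a dash in this mode.
        $alias = strtr($alias, DANISH_MAP);
        $alias = preg_replace('/[^a-z0-9]+/', '-', $alias);
    }
    // No leading or trailing dashes.
    return trim($alias, '-');
}

// Hypothetical check: true only for lowercase a-z/0-9 words joined by single dashes.
function is_ascii_alias(string $alias): bool
{
    return preg_match('/^[a-z0-9]+(?:-[a-z0-9]+)*$/', $alias) === 1;
}

// Product name from the first post.
$title = 'Heldyppet orange vandtæt vinterhandske i naturgummi på acryl/bomuld. WG-338';

$ascii   = make_alias($title, false);
$unicode = make_alias($title, true);

echo $ascii, PHP_EOL;                 // ASCII-only alias
echo $unicode, PHP_EOL;               // alias that keeps æ and å
echo rawurlencode($unicode), PHP_EOL; // percent-encoded form of the Unicode alias
var_dump(is_ascii_alias($ascii), is_ascii_alias($unicode));
```

The percent-encoded line is the form the Unicode alias takes inside an HTTP request, which is the form that server rewrite rules and the router have to match.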

AH

A well reasoned and articulated response.

With a proposed solution that allows individual choice between two approaches.

Bravo Genius.
Regards
A

Joomla 4.4.5
php 8.1

jankoo

Hi,

this alias issue is a bug.. you can call it a "feature" but it's still a bug.. and it's a HUGE issue when a basic thing like ALL STORE URLs are created with this wrong way..

For you with English sites it is not an issue but what about the rest of us??

This was a year ago and I still got this issue with latest VM 3.0.9.4


Ggeorgi0

I totally agree with Genius WebDesign.
The Joomla alias system works perfectly.

Please can you tell me how I can make VM use the default Joomla alias system?